Nmap Development: Re: NMAP Scan help

From: Robin Wood <robin@digi.ninja>
Date: Fri, 3 Feb 2023 18:44:11 +0000


Yes, the JavaScript is sent to the browser as part of the "web page
package".

This is a page on my site:

https://digi.ninja/projects/authlab.php

As part of it, it uses this bit of HTML:

<script src="/javascript/authlab.js"></script>

To load this JavaScript file:

https://digi.ninja/javascript/authlab.js

The JS file is public and accessible to anyone who browses to it. If it
wasn't, then when the browser tried to download it, it would fail, and my
page would not work as it should.

Try it on almost any site. Browse to it and then do a "view source". Look
through for mentions of included scripts, you can then browse to those and
see their contents.

Anything that has to be run in a browser has to be able to be downloadable
from the server and therefore is fully visible to anyone who wants to see
it.

You should never put secret stuff in anything that has to go to the client.

If you are specifically meaning there are comments in the JS file that
shouldn't be seen, just tell the developer to remove them. They won't
affect anything as comments are just that, comments.

Robin

On Fri, 3 Feb 2023, 18:22 thanatos thanatos, <thanatos_ps () yahoo com> wrote:

I am talking about running a scan from the outside on port 443. It shows
my client's information

On Thu, Feb 2, 2023 at 10:08 AM, Robin Wood
<robin@digi.ninja> wrote:
JavaScript is sent to the client as part of the way the web works and so
can't be blocked or hidden. If you stop sending it then whatever bits of
the site rely on it will stop working.

Nothing should be considered secret in client side JavaScript.

Robin

On Thu, 2 Feb 2023, 15:48 thanatos thanatos via dev, <dev () nmap org> wrote:

I have a question.
When I run NMAP it displays the JavaScript comments for the site being
scanned. This is a concern for the client as this code has proprietary
information. The client is asking if something can be done on their side to
prevent this information from being displayed as a part of the NMAP scan?

Thank U
Thanatos
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
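
The advice in the thread, that comments which should not be seen are removed by the developer, can be checked before a release. The following is an added example, not code from the thread or from Nmap: it lists the comments that would ship with a script and flags those matching a keyword list. The function names, the keyword list and the sample source are assumptions constructed for illustration.

```javascript
// Added example: report the comments a client would download with a script.
// Assumption of this sketch: regex literals and nested `${...}` templates are
// not parsed; use a full JavaScript parser if the code base relies on them.
function extractComments(src) {
  const comments = [];
  let i = 0, line = 1;
  while (i < src.length) {
    const ch = src[i], next = src[i + 1];
    if (ch === '\n') { line++; i++; continue; }
    if (ch === '"' || ch === "'" || ch === '`') {
      // Skip string literals so "https://..." is not mistaken for a comment.
      for (i++; i < src.length && src[i] !== ch; i++) {
        if (src[i] === '\\') i++;            // skip the escaped character
        if (src[i] === '\n') line++;
      }
      i++;                                   // step past the closing quote
      continue;
    }
    if (ch === '/' && (next === '/' || next === '*')) {
      const close = next === '/' ? '\n' : '*/';
      let end = src.indexOf(close, i + 2);
      if (end === -1) end = src.length;      // unterminated: runs to end of file
      const text = src.slice(i + 2, end);
      comments.push({ line, text: text.trim() });
      line += text.split('\n').length - 1;   // block comments may span lines
      i = next === '/' ? end : end + 2;      // leave '\n' for the line counter
      continue;
    }
    i++;
  }
  return comments;
}

// Constructed keyword list for comments that should not reach the client.
const SENSITIVE = /\b(todo|fixme|password|passwd|secret|api[_-]?key|token|internal)\b/i;
function flagComments(src) {
  return extractComments(src).filter(c => SENSITIVE.test(c.text));
}

// Constructed sample source, not taken from any real site.
const SAMPLE = [
  'var api = "https://example.test/api"; // TODO remove staging password before launch',
  '/* Internal: billing rules',
  '   live on the server */',
  'function add(a, b) { return a + b; } // adds two numbers',
].join('\n');

for (const c of flagComments(SAMPLE)) console.log(`line ${c.line}: ${c.text}`);
```

Running a check like this in the build, or stripping comments with a minifier, only removes the comments; the code itself is still delivered to every visitor.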